From: Kevin Wolf <kwolf@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Cc: vsementsov@virtuozzo.com, Mansour Ahmadi <ManSoSec@gmail.com>,
	qemu-devel@nongnu.org, Qemu-block <qemu-block@nongnu.org>
Subject: Re: Potential Null dereference
Date: Tue, 24 Mar 2020 10:50:56 +0100	[thread overview]
Message-ID: <20200324095056.GD5417@linux.fritz.box> (raw)
In-Reply-To: <336bbdf8-140a-e884-d5d1-0610a9b1c6a6@redhat.com>

On 24.03.2020 at 08:14, Philippe Mathieu-Daudé wrote:
> On 3/24/20 4:05 AM, Mansour Ahmadi wrote:
> > Hi,
> > 
> > Nullness of  needs to be checked here:
> > https://github.com/qemu/qemu/blob/c532b954d96f96d361ca31308f75f1b95bd4df76/block/commit.c#L221
> > 
> > pstrcpy(bs->exact_filename, sizeof(bs->exact_filename),...

Do you have a reproducer? It's not obvious to me how bs->backing could
be NULL here.

> > 
> > While it is done at 2 other locations:
> > https://github.com/qemu/qemu/blob/c532b954d96f96d361ca31308f75f1b95bd4df76/block/backup-top.c#L113
> > https://github.com/qemu/qemu/blob/c532b954d96f96d361ca31308f75f1b95bd4df76/block/mirror.c#L1477

Commit 18775ff3269 made the change for mirror, however its commit
message is terse and doesn't say anything about the scenario where it
would happen. We also didn't add a test case for it. I would have
expected that failure to add the backing file would immediately error
out and not try to refresh the filename first.

backup-top.c has the check from the beginning. I assume it just copied
it from mirror.

Vladimir, do you remember the details?

Kevin
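The pattern under discussion, as an added example that is not QEMU's code (struct, field and function names are simplified stand-ins, and pstrcpy is modelled rather than QEMU's own): the unguarded refresh copies bs->backing->bs->filename directly, while the guarded form returns early when no backing child is attached, which is the check the report cites in mirror.c and backup-top.c.

```c
/* Added example, not QEMU code: a minimal model of the refresh_filename
 * pattern from the thread. All struct, field and function names below are
 * simplified stand-ins for QEMU's (assumption). */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

typedef struct BlockDriverState BlockDriverState;
typedef struct BdrvChild { BlockDriverState *bs; } BdrvChild;
struct BlockDriverState {
    char filename[32];
    char exact_filename[32];
    BdrvChild *backing;   /* NULL until a backing child is attached */
};

/* Bounded copy that always NUL-terminates, modelling QEMU's pstrcpy. */
static void pstrcpy_model(char *buf, size_t buf_size, const char *str)
{
    if (buf_size == 0) return;
    strncpy(buf, str, buf_size - 1);
    buf[buf_size - 1] = '\0';
}

/* Unguarded form (what the report cites in commit.c): a NULL
 * bs->backing is dereferenced here, so this must only run once the
 * backing child has actually been attached. */
static void refresh_filename_unguarded(BlockDriverState *bs)
{
    pstrcpy_model(bs->exact_filename, sizeof(bs->exact_filename),
                  bs->backing->bs->filename);
}

/* Guarded form (the check cited in mirror.c and backup-top.c): return
 * early with an empty exact_filename when no backing child exists. */
static bool refresh_filename_guarded(BlockDriverState *bs)
{
    if (bs->backing == NULL) {
        bs->exact_filename[0] = '\0';
        return false;
    }
    pstrcpy_model(bs->exact_filename, sizeof(bs->exact_filename),
                  bs->backing->bs->filename);
    return true;
}
```

The guarded variant reports whether a name was copied, so a caller that refreshes before the backing child is attached gets an empty exact_filename instead of a crash.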
